allow to use resolvconf instead of resolv.conf

[luxzeitlos]

--set-dns should call resolvconf the same way the update-resolv-conf script does it for openvpn instead of directly modifying resolv.conf

[DimitriPapadopoulos]

Isn't this a duplicate of #101? If not please explain the difference.

In any case we'll have to review issue #101 again and understand why it had been closed. I may be wrong but I seem to recall that's because this issue was beyond the reach of openfortivpn - pppd would be the culprit. Perhaps pull request #483 can help by preventing pppd messing with DNS settings by default, which was not possible until now. Once this pull request is applied, we can make sure openfortivpn calls resolvconf.

Also which Linux distribution are you using? For example on Ubuntu 16.04 it looks like pppd is set to use resolvconf:

$ cat /etc/ppp/ip-up.d/000resolvconf 
#!/bin/sh
#
# PPP up hook script for resolvconf
#
# Reconfigures resolver to take into account
# the appearance of the ppp interface.
#
# This file is part of the resolvconf package.
#
[...]
echo -n "$R" | /sbin/resolvconf -a "${PPP_IFACE}.pppd"

$ 

How is pppd set up on you Linux distribution?

[mrbaseman]

I believe this comment by you Dimitri was the point at which (at least in my understanding) a fix was on the way. Unfortunately, we had to revert it, but with #483 I believe I have found what went wrong.

[DimitriPapadopoulos]

Ah right. So I understand we need to replace all the code directly modifying /etc/resolv.conf when starting openfortivpn by feeding:

namserver ns1
namserver ns2
search dns-suffix

to:

/sbin/resolvconf -a "<ppp_interface>.openfortivpn"

Then when shutting down:

/sbin/resolvconf -d "<ppp_interface>.openfortivpn"

Should we replace the code modifying directly /etc/resolv.conf, or perhaps attempt to use resolvconf and if not available fall back to modifying /etc/resolv.conf? How common is resolvconf on reasonably recent Linux distributions? What about BSD and macOS?

[mrbaseman]

I think we should check if resolvconf is available and use it then, and if not fall back to the current mechanism directly modifying /etc/resolv.conf.
I have installed resolvconf on my Ubuntu, but it was not installed by default. I was using it in conjunction with pppd so far. The dns-suffix feature however is only available when openfortivpn directly modifies resolv.conf - and the new default is again pppd-use-peerdns = 0, so if this is not explicitly changed, resolvconf is not called anymore.

[mrbaseman]

this is still to be done although the behavior intended in #330 is back again in the 1.11.0 Release via #483
Now we have a better understanding and instead of directly modifying resolv.conf out ouf openfortivpn we can call resolvconf if it is available at runtime - but that still needs to be implemented and tested.

[mrbaseman]

resolvconf support is available on the master branch and can be tested there now